Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/P1pvZ_QpHLCNhor-GrDuuGuoxWU.roa
File:                     P1pvZ_QpHLCNhor-GrDuuGuoxWU.roa (raw, json)
Hash identifier:          j2Q3VKziFV5MgEQnuqrclJc+B8ndKOKWRmqLDbcpuQk=
Subject key identifier:   3F:5A:6F:67:F4:29:1C:B0:8D:86:8A:FE:1A:B0:EE:B8:6B:A8:C5:65
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       0195F25A29E686F4F748162A298416614FD0
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/P1pvZ_QpHLCNhor-GrDuuGuoxWU.roa
Signing time:             Tue 01 Apr 2025 17:15:49 +0000
ROA not before:           Tue 01 Apr 2025 17:15:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        87.254.16.0/24 maxlen: 24
                          87.254.17.0/24 maxlen: 24
                          217.25.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f2:5a:29:e6:86:f4:f7:48:16:2a:29:84:16:61:4f:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Apr  1 17:15:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f5a6f67f4291cb08d868afe1ab0eeb86ba8c565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b7:b4:0d:33:fa:47:00:7d:0c:d4:3e:6c:ef:
                    d6:6e:a7:33:bf:ac:3f:41:c3:35:08:63:d8:cd:3d:
                    90:c9:ff:01:c9:e5:a9:13:0f:de:09:05:02:e4:63:
                    d1:8d:50:65:79:71:b9:37:2e:78:a2:fa:3f:76:70:
                    a1:56:52:29:90:07:75:d5:a7:9a:69:80:92:3c:70:
                    49:81:d0:6d:2c:ea:e9:c0:4d:88:02:8a:fd:07:59:
                    3c:e9:7b:e9:5b:06:ed:26:3c:49:33:58:b9:74:a1:
                    9e:bc:dc:e1:f8:48:dd:6b:15:16:38:fd:1c:21:71:
                    b8:01:b1:08:c1:b7:d1:5a:06:77:9b:8c:0b:0a:f1:
                    7b:1f:32:6d:9e:03:79:88:be:87:ea:7b:57:3e:1d:
                    9b:5e:d5:11:67:96:af:3d:69:3d:93:59:73:a7:fe:
                    62:82:e2:b0:69:99:dd:bf:e4:f0:ea:ac:1b:53:09:
                    aa:2b:c0:86:75:f4:94:c7:4d:75:53:78:a1:21:ef:
                    ad:f2:40:89:4f:cf:a7:9d:d9:04:91:30:b8:35:cf:
                    62:79:be:04:d6:22:3e:43:ad:80:f1:0f:a2:0a:33:
                    15:5f:31:c9:ed:56:b0:74:b9:1f:56:2d:91:bb:53:
                    c5:d2:16:26:b5:f9:9e:09:a6:97:6d:27:74:9c:16:
                    ae:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:5A:6F:67:F4:29:1C:B0:8D:86:8A:FE:1A:B0:EE:B8:6B:A8:C5:65
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/P1pvZ_QpHLCNhor-GrDuuGuoxWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.16.0/23
                  217.25.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:b6:f0:ad:19:3c:cb:64:d6:0c:6f:5b:49:2d:f2:f1:01:aa:
         a8:e4:7b:f7:78:cc:76:27:56:01:4d:7c:07:82:f1:64:d9:c1:
         13:e7:ec:25:59:9f:12:b0:72:3e:ed:14:0b:5e:48:51:0d:e4:
         30:f6:45:c8:0c:18:29:1c:0d:a3:99:37:3c:31:63:9a:76:49:
         64:7b:d0:50:2b:fb:d8:6a:2c:94:b1:ff:da:d0:3c:35:a7:e5:
         fb:3f:0b:0e:e0:a7:26:17:eb:23:10:f4:23:aa:22:ae:97:17:
         f2:93:3d:2e:d3:2f:3f:89:12:27:52:be:a4:a9:4e:48:dd:ee:
         52:bb:dc:4f:f6:d1:36:ca:fb:f8:07:85:d0:71:dd:df:92:d9:
         4f:b1:b6:1b:22:24:b1:28:90:bb:80:15:8d:81:9e:ca:ad:61:
         9f:89:66:17:61:77:00:f0:cd:49:ec:ff:8f:21:33:bf:07:2c:
         5d:07:5d:7b:aa:b2:f5:43:ec:38:b2:46:63:b4:21:a8:a5:55:
         55:12:ed:bc:65:01:b6:2f:8d:0e:ae:c1:18:e5:0a:28:aa:33:
         60:21:75:b5:c6:0f:5b:76:6a:8c:f8:5f:d4:da:a0:d7:fe:f7:
         c3:19:be:58:77:20:c7:9f:09:9a:d0:14:ea:46:9d:da:5f:12:
         b3:e8:3b:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXyWinmhvT3SBYqKYQWYU/QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwNDAxMTcxNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjVhNmY2N2Y0MjkxY2IwOGQ4NjhhZmUxYWIwZWViODZiYThjNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLe0DTP6RwB9DNQ+bO/Wbqczv6w/
QcM1CGPYzT2Qyf8ByeWpEw/eCQUC5GPRjVBleXG5Ny54ovo/dnChVlIpkAd11aea
aYCSPHBJgdBtLOrpwE2IAor9B1k86XvpWwbtJjxJM1i5dKGevNzh+EjdaxUWOP0c
IXG4AbEIwbfRWgZ3m4wLCvF7HzJtngN5iL6H6ntXPh2bXtURZ5avPWk9k1lzp/5i
guKwaZndv+Tw6qwbUwmqK8CGdfSUx011U3ihIe+t8kCJT8+nndkEkTC4Nc9ieb4E
1iI+Q62A8Q+iCjMVXzHJ7VawdLkfVi2Ru1PF0hYmtfmeCaaXbSd0nBauxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD9ab2f0KRywjYaK/hqw7rhrqMVlMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvUDFwdlpfUXBITENOaG9yLUdyRHV1R3VveFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBV/4QAwQA
2RkBMA0GCSqGSIb3DQEBCwUAA4IBAQAmtvCtGTzLZNYMb1tJLfLxAaqo5Hv3eMx2
J1YBTXwHgvFk2cET5+wlWZ8SsHI+7RQLXkhRDeQw9kXIDBgpHA2jmTc8MWOadklk
e9BQK/vYaiyUsf/a0Dw1p+X7PwsO4KcmF+sjEPQjqiKulxfykz0u0y8/iRInUr6k
qU5I3e5Su9xP9tE2yvv4B4XQcd3fktlPsbYbIiSxKJC7gBWNgZ7KrWGfiWYXYXcA
8M1J7P+PITO/ByxdB117qrL1Q+w4skZjtCGopVVVEu28ZQG2L40OrsEY5QooqjNg
IXW1xg9bdmqM+F/U2qDX/vfDGb5YdyDHnwma0BTqRp3aXxKz6Dvx
-----END CERTIFICATE-----